31-4 Vol. 3C
VIRTUAL-MACHINE MONITOR PROGRAMMING CONSIDERATIONS
— 6: VMRESUME after VMXOFF.¹
If this error occurs, software can avoid the error by executing the following sequence of instructions:
VMPTRST working-VMCS pointer
VMCLEAR working-VMCS pointer
VMPTRLD working-VMCS pointer
VMLAUNCH
(VMPTRST may not be necessary if software already knows the working-VMCS pointer.)
• If none of the above errors occur, the processor performs checks on the VMX controls and the host-state area. If any of these checks fail, the VM-entry instruction fails: RFLAGS.ZF is set to 1 and either 7 (VM entry with invalid control field(s)) or 8 (VM entry with invalid host-state field(s)) is saved in the VM-instruction error field.
• After a VM-entry instruction (VMRESUME or VMLAUNCH) successfully completes the general checks and the checks on VMX controls and the host-state area (see Section 26.2), any error encountered while loading guest state (due to bad guest state or bad MSR loading) causes the processor to load state from the host-state area of the working VMCS as if a VM exit had occurred (see Section 31.7).
This failure behavior differs from that of VM exits in that no guest state is saved to the guest-state area. A VMM can detect that its VM-exit handler was invoked by such a failure by checking bit 31 (for 1) in the exit reason field of the working VMCS, and can further identify the failure using the exit qualification field.
See Chapter 26 for more details about the VM-entry instructions.
31.5 VMM SETUP & TEAR DOWN
VMMs need to ensure that the processor is running in protected mode with paging before entering VMX operation.
The following list describes the minimal steps required to enter VMX root operation with a VMM running at CPL = 0.
• Check VMX support in the processor using CPUID.
• Determine the VMX capabilities supported by the processor through the VMX capability MSRs. See Section 31.5.1 and Appendix A.
• Create a VMXON region in non-pageable memory of a size specified by the IA32_VMX_BASIC MSR and aligned to a 4-KByte boundary. Software should read the capability MSRs to determine the width of the physical addresses that may be used for the VMXON region and ensure the entire VMXON region can be addressed by addresses with that width. Also, software must ensure that the VMXON region is hosted in cache-coherent memory.
• Initialize the version identifier in the VMXON region (the first 31 bits) with the VMCS revision identifier reported by the capability MSRs. Clear bit 31 of the first 4 bytes of the VMXON region.
• Ensure the current processor operating mode meets the required CR0 fixed bits (CR0.PE = 1, CR0.PG = 1). Other required CR0 fixed bits can be detected through the IA32_VMX_CR0_FIXED0 and IA32_VMX_CR0_FIXED1 MSRs.
• Enable VMX operation by setting CR4.VMXE = 1. Ensure the resultant CR4 value supports all the CR4 fixed bits reported in the IA32_VMX_CR4_FIXED0 and IA32_VMX_CR4_FIXED1 MSRs.
• Ensure that the IA32_FEATURE_CONTROL MSR (MSR index 3AH) has been properly programmed and that its lock bit is set (Bit 0 = 1). This MSR is generally configured by the BIOS using WRMSR.
• Execute VMXON with the physical address of the VMXON region as the operand. Check successful execution of VMXON by checking if RFLAGS.CF = 0.
Upon successful execution of the steps above, the processor is in VMX root operation.
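The pre-flight part of the sequence above, as an added C example that is not from the SDM: it takes a snapshot of the CPUID, MSR and control-register values a VMM would read, applies the fixed-bit rule for CR0 and CR4, fills the VMXON revision header from IA32_VMX_BASIC, and reports which step fails, stopping short of VMXON itself (which must run at CPL 0). Function and struct names and the sample register values are constructed; bit positions come from the SDM MSR definitions (Appendix A).

```c
#include <stdint.h>
/* Architectural bit positions (Intel SDM); helper and struct names are hypothetical. */
#define CR0_PE          (1ULL << 0)
#define CR0_PG          (1ULL << 31)
#define CR4_VMXE        (1ULL << 13)
#define FEAT_CTL_LOCK   (1ULL << 0)   /* IA32_FEATURE_CONTROL (MSR 3AH) bit 0 */
#define FEAT_CTL_VMX_OUTSIDE_SMX (1ULL << 2)
/* Snapshot of what the VMM reads with CPUID, RDMSR and MOV from CR0/CR4. */
struct vmx_env {
    uint32_t cpuid1_ecx;                            /* CPUID.1:ECX, bit 5 = VMX */
    uint64_t feature_control, vmx_basic, cr0, cr4;
    uint64_t cr0_fixed0, cr0_fixed1, cr4_fixed0, cr4_fixed1;
};
/* Fixed-bit rule: every bit set in FIXED0 must be 1, every bit clear in FIXED1 must be 0. */
static int cr_fixed_ok(uint64_t cr, uint64_t fixed0, uint64_t fixed1)
{
    return (cr & fixed0) == fixed0 && (cr & ~fixed1) == 0;
}
/* Returns 0 when VMXON may be attempted, else the failing step: 1 CPUID, 2 VMXON region
 * size, 3 CR0, 4 CR4, 5 IA32_FEATURE_CONTROL. Fills region[0] and *new_cr4 on the way. */
int vmx_preflight(const struct vmx_env *e, uint32_t *region, uint64_t *new_cr4)
{
    if (!(e->cpuid1_ecx & (1u << 5))) return 1;
    uint32_t size = (uint32_t)((e->vmx_basic >> 32) & 0x1fff);  /* region bytes, bits 44:32 */
    if (size == 0 || size > 4096) return 2;
    region[0] = (uint32_t)(e->vmx_basic & 0x7fffffffu);  /* revision id; bit 31 stays 0 */
    if ((e->cr0 & (CR0_PE | CR0_PG)) != (CR0_PE | CR0_PG) ||
        !cr_fixed_ok(e->cr0, e->cr0_fixed0, e->cr0_fixed1)) return 3;
    *new_cr4 = e->cr4 | CR4_VMXE;
    if (!cr_fixed_ok(*new_cr4, e->cr4_fixed0, e->cr4_fixed1)) return 4;
    uint64_t need = FEAT_CTL_LOCK | FEAT_CTL_VMX_OUTSIDE_SMX;
    return (e->feature_control & need) == need ? 0 : 5;
}
/* Runs the checks on constructed values (not read from real hardware).
 * scenario 0: nominal; 1: IA32_FEATURE_CONTROL left unlocked; 2: paging off. */
int demo(int scenario)
{
    struct vmx_env e = {
        .cpuid1_ecx = 1u << 5, .vmx_basic = (0x1000ULL << 32) | 0x4,  /* 4 KByte, rev 4 */
        .feature_control = FEAT_CTL_LOCK | FEAT_CTL_VMX_OUTSIDE_SMX,
        .cr0 = CR0_PE | CR0_PG | (1ULL << 5) | (1ULL << 4), .cr4 = (1ULL << 5),
        .cr0_fixed0 = CR0_PE | CR0_PG | (1ULL << 5), .cr0_fixed1 = 0xffffffffULL,
        .cr4_fixed0 = CR4_VMXE, .cr4_fixed1 = 0x3ffffULL,
    };
    static _Alignas(4096) uint32_t region[1024];  /* 4-KByte-aligned VMXON region stand-in */
    uint64_t cr4;
    if (scenario == 1) e.feature_control &= ~FEAT_CTL_LOCK;
    if (scenario == 2) e.cr0 &= ~CR0_PG;
    return vmx_preflight(&e, region, &cr4);
}
```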
A VMM executing in VMX root operation and CPL = 0 leaves VMX operation by executing VMXOFF and verifies
successful execution by checking if RFLAGS.CF = 0 and RFLAGS.ZF = 0.
If an SMM monitor has been configured to service SMIs while in VMX operation (see Section 34.15), the SMM monitor needs to be torn down before the executive monitor can leave VMX operation (see Section 34.15.7). VMXOFF fails for the executive monitor (a VMM that entered VMX operation by issuing VMXON) if an SMM monitor is configured.
1. Earlier versions of this manual described this error as “VMRESUME with a corrupted VMCS”.